How to protect your business and staff in the wake of the Medibank data breach

November 15, 2022

After yet another data breach of Australians’ personal details in the recent Medibank hack, Kelly Johnson, Country Manager (Australia) for global IT security firm ESET shares some important advice for protecting your business and staff from falling victim to cyber crime.

If you, your business, or any of your staff are Medibank customers, you’d be understandably feeling exposed and extremely anxious right now. With 9.7 million customers affected, and almost half a million claims accessed, that’s a lot of personal, medical and financial information in criminal hands.

It’s important to realise that a data breach is essentially about money. Medibank didn’t pay the hackers’ ransom demands, and nor should anyone. However, with Medibank refusing to play, the next targets will be the individuals who were affected by the breach.

Critically – and unfortunately it’s a horrible point to make – the data is already exposed, so engaging with the hackers yourself can actually make things worse and leave you, and others, even more vulnerable.

Protecting your business and staff from a data breach

While Operation Palladius works to get to the bottom of the Medibank breach, there are things you can do to protect yourself, your business, and your staff moving forward.


Vigilance and awareness are key, as you can be targeted at any time.

Medibank is contacting affected individuals and businesses via email to advise the level of breach to each account. What everyone needs to know is that most professional organisations don’t ask for ANY personal or sensitive information via email – they have secure portals for clients to use.

Ensuring ‘official’ emails are genuine is paramount. Educate your teams that hackers are very good at appearing to be the real deal, so if anyone is unsure, ensure they don’t click on any links or reply, and they delete the email. When users are 100 per cent sure it’s a scam, they need to block and report senders as scammers to providers.

The same applies to phone calls and texts. Most phones and carriers have the technology to notify you that a call is spam or from an unknown number, so don’t answer or respond, and block the numbers.

Secure accounts, devices and networks

Always update your installed network and device security when advised by the provider. Updates ensure critical protection against the latest threats, and are easy to automate during downtime.

Invest in a password manager for your teams and business accounts; they provide strong encryption against cyber attacks. Your passwords are the first line of defence should your data fall into the wrong hands. Password managers make access easier for your team, and allow you to control who accesses anything.

Change the passwords for all accounts and software platforms, including all social media accounts, as they are attached to emails. In a business environment where social media is not required as part of a role, it’s best for employees to keep personal accounts separate from the organisation’s technology and network.

Enable two-factor authentication (2FA), or other multi-layer security measures, for apps, websites and, critically, email accounts, particularly if you have people working remotely on your network.

Ensure your business networks are secure, and update your cyber security software across the network and all devices attached to it. Consider working with a cyber security expert to enhance your cyber security strategy and plan.

Be prepared

As technology evolves, so do cyber threats and the criminal groups behind the breaches. The Internet of Things (IoT), which enables an increasing number of devices and people to be connected to your business (and personal) systems, offers more gateways for malware to get in.

Enforce security awareness training for employees, to heighten awareness and buy-in for protection of the data, and themselves.

The lessons learnt through the Medibank, Optus and Energy Australia data breaches should be that Australian businesses are particularly vulnerable and must invest in strengthening their cyber security resilience. The home affairs minister, Clare O’Neil, admitted to parliament that we are five years behind where we should be as a country when it comes to cyber security.

Look into having cyber insurance, but be sure to read the fine print. Requirements such as ensuring you have backups can be missed and leave you without coverage.

It’s so important that business owners use everything they can, and glean the lessons from those being exposed, to protect their own frontlines with every weapon available.
